Re: Earthlink emails

2006-09-29 Thread Ramprasad
On Thu, 2006-09-28 at 19:11 -0700, jdow wrote:
 From: Ramprasad [EMAIL PROTECTED]
 
  On Tue, 2006-09-26 at 21:28 -0700, jdow wrote:
  Before you blame Earthlink note that it has NOT gone through Earthlink
  servers.
  
  relay2.corp.good-sam.com is the receiving email server.
  
  It's a forged email, at a guess. (It also has mangled headers. Newlines
  are missing. MAYBE it would do better if you sent it plain text. HTML
  tends to mangle things.)
  {^_^}
  
  Nobody would blame earthlink for the mail, but most of the spams to my
  clients come from earthlink.net (sometimes as high as 20% of spams;
  Yahoo comes in next with ~10%).
 
 How do you determine this? Is it by a legitimate domain keys tested
 Earthlink SMTP or does it simply say it came from Earthlink? I see
 a lot of mail that SAYS it came from Earthlink. But there is not a
 single Earthlink name in any of the Received headers. It's forged.
 
I am going by envelope from only. Obviously can be forged



  I have written to them several times that their domain is being forged
  heavily by spammers but they refuse to take any action 
 
 Explain how they can take any action? How can Earthlink stop it? They
 do sue in particularly blatant cases. But if it's some other ISP with
 a user forging Earthlink names what on Earth do you expect Earthlink
 to do?
 
  Apparently they have removed SPF records after publishing them once.
  That's a stupid idea IMHO. Today I am forced to TEMP FAIL earthlink ids
  whenever there is a spam attack on my servers 
 
 They went to domain keys. It seems to be better for the Earthlink
 situation.
 {^_^}

Why not SPF ??
DK is a resource HOG. And I can't do that easily in postfix (I know you
will point to dk-milter).

What is the point of accepting the mail and the entire data and then
scanning for DK when it should ideally have been rejected after
mail from:?

So I let SA do the testing .. which catches the spams but eats resources
of my servers. When you receive 3-5 million mails a day you tend to
bother more about resources

Thanks
Ram






Re: Earthlink emails

2006-09-29 Thread Ramprasad
On Thu, 2006-09-28 at 11:05 -0700, Loren Wilton wrote:
  Apparently they have removed SPF records after publishing them once.
  That's a stupid idea IMHO. Today I am forced to TEMP FAIL earthlink ids
  whenever there is a spam attack on my servers
 
 SPF can be a pain for a number of reasons that have been discussed 
 endlessly.  I suspect Dirtlink found them to be effectively useless.
 
 Why not try using domainkeys instead?
 
 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
   s=dk20050327; d=earthlink.net;
   b=FB4IOaniCvpDwkx5cYm2jFWe8LB9zRfxL9FHzbhv1JHyGSVrA0o4mttb3jjbU4C3;
   
 h=Message-ID:Date:From:Reply-To:To:Subject:Cc:Mime-Version:Content-Type:Content-Transfer-Encoding:X-Mailer:X-ELNK-Trace:X-Originating-IP;
 
 Loren

Darn,
I don't want to get into SPF debates again.

Assume I am using domain keys and catching all spams forged from
earthlink; I am still scanning the mails.

Anyway, that is already happening today. SA is catching spams from
earthlink (forged?), but when you scan a huge number of mails you would
like to be able to reject forged mails straight after mail from:.
That is what SPF lets you do, and that works.

No wonder a lot of spammers have stopped forging hotmail or msn,
because most of those mails don't even get thru the MTA. And a majority
of the forged spams I still get is from earthlink or yahoo.

Thanks
Ram




Re: really slow spamd scan

2006-09-29 Thread Deephay

Greetings,

I think I have disabled the DNS and URI lookups and Razor/Pyzor/DCC,
and it still takes around 1x seconds to scan one email, but we have a
little power supply problem at this moment so I cannot check the
configuration file. I'll check it later.
I still think it may be caused by the UTF-8 locale. Since the load of
that mail server is not high, maybe I will just leave it as it is for the
moment if I cannot find where the problem is.

Regards,
Deephay


Re: really slow spamd scan

2006-09-29 Thread Olivier Nicole
 I think I have disabled the DNS and URI lookups and Razor/Pyzor/DCC,
 and it still takes around 1x seconds to scan one email, but we have a
 little power supply problem at this moment so I cannot check the
 configuration file, I'll check it later.

Are you using spamc/spamd or plain spamassassin?

And I think there is a way to tell spamassassin to report what tests
actually take some time to execute, so you can see where you are
losing time.

Bests,

Olivier


Re: uridnsbl error, info what?

2006-09-29 Thread Jeff Chan
On Saturday, September 2, 2006, 8:43:21 PM, Chris Chris wrote:
 On Saturday 02 September 2006 8:46 am, SM wrote:
 At 20:22 01-09-2006, Chris wrote:
 I've been testing OpenDNS tonight vice using Earthlink's DNS nameservers.
 Looking at my hourly syslog snip, about half way through my NANAS run I
 noticed the below entries.  First of all, what are these entries telling


 Turn off the typo correction feature of OpenDNS.

 Regards,
 -sm

 Thanks, went there and did that, I'll see how it goes now. Odd also that 
 after I went back and started using OpenDNS I finally got their 'welcome' 
 page, then after a bit went back and got the 'oops' page. Seems to be 
 working though, nslookup shows I'm using their nameservers.


Question for Chris:

Did turning off the typo correction feature of OpenDNS cause the
SURBL lookups (both hits and misses) to start working again?  If
so we may want to add it to our FAQ, given that others may be
having similar issues. 

Jeff C.
-- 
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/



Re: Setting up DKIM and DomainKeys mail signing and verification

2006-09-29 Thread Mark Martinec
Henrik,

 My users ARE identified by either locally trusted IPs or pop-before-smtp,
 i.e. they end up in mynetworks, but they are STILL verified by the
 incoming filter.. And I'm using your suggested setup very strictly..?!

 As far as I can see, the incoming milter(s) DOES get invoked for ALL
 incoming mail on port 25.. Am I missing something?

I see, you are quite right. I haven't noticed it because no header fields
are inserted by these two verifying milters when there is no signature
present and dk policy does not claim that a domain is signing all mail.

A solution would be to separate mail submission from MX, e.g. by
providing another dedicated IP alias address on a mailer for
mail submission (or keeping existing address for submission,
and pointing MX to a new IP alias).

 But I have found out that adding -d mydomain.net to the incoming filter
 actually solved this issue, as this means that my own mail does not get
 verified.. But neither will anyone spoofing being from my own domain..

Good. A waste of resources is still there, but at least the verification
does not fail. Something still needs to be done to prevent SA plugins
DK and DKIM from complaining about non-signed mail from local users.

  Mark


Re: Non-blocklisted embedded URLs are getting hits on URIBL_AB_SURBL and URIBL_PH_SURBL in SpamAssassin 3.1.5

2006-09-29 Thread Jeff Chan
On Wednesday, September 27, 2006, 11:17:59 PM, Donald Craig wrote:
 And Theo Van Dinter pointed out:
 You're not by chance using the opendns.{com,org} folks for DNS, are you?

 Of course.  I'm an idiot.  I switched to OpenDNS a couple of weeks back.
 Time to return from whence I came.  Thank you,
 Don Craig
  
 I'm getting matches whenever I have an embedded URL
 on URIBL_AB_SURBL and URIBL_PH_SURBL -
 unless the URL is actually in URIBL_SBL, in which case the
 logic for all the flavors of URIBL_XX_SURBL seems
 to work correctly.  I have verified the
 absence of the incorrectly matching URLs from SURBL
 with lookups in http://www.rulesemporium.com/cgi-bin/uribl.cgi

 This is SpamAssassin 3.1.5, all was fine in 3.1.2.

 For now I have set both those tests to 0.00.

 Don Craig



Thanks for the reminder guys.  I've added the following note
about OpenDNS compatibility to the SURBL FAQ:
__

  http://www.surbl.org/faq.html#opendns

I'm using OpenDNS and getting wrong answers to SURBL DNS queries

OpenDNS is a service that changes the responses to some DNS
queries in order to prevent users from visiting spam, phishing,
etc., sites. It also has a typo correction feature that directs
mistyped domain names to custom sites controlled by OpenDNS
instead of sites controlled by typosquatters, phishers, etc.

When using SURBLs with an OpenDNS nameserver it's important to
disable the typo correction feature, or the responses to
non-matching SURBL queries will be incorrect to a SURBL
application. The reason is that the OpenDNS nameservers return an
IP address of their own web site in those cases, and that
modified IP address will have an incorrect effect on SURBL list
identification that depends on where the bit patterns happen to
be in the modified response.

SURBLs will work with OpenDNS if their typo correction feature is
disabled on servers or clients doing SURBL queries.

__

Does that look about right?

Jeff C.
-- 
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
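
The failure mode the FAQ note describes, as an added example (not code from SURBL, SpamAssassin or any poster): a consumer that reads list bits from the last octet reports a clean domain as listed once the resolver replaces NXDOMAIN with its own address. The bit values are assumed to be the multi.surbl.org layout of that era; the zone entry, the landing-page address (last octet 40, chosen so the AB and PH bits from the thread are set) and all function names are constructed for illustration.

```python
import ipaddress

# Bit layout of multi.surbl.org answers (assumption: the SpamAssassin 3.1-era
# assignments; the thread itself names only the AB and PH lists).
SURBL_BITS = {2: "SC", 4: "WS", 8: "PH", 16: "OB", 32: "AB", 64: "JP"}
SURBL_NET = ipaddress.IPv4Network("127.0.0.0/8")

# Constructed sample data: one listed domain, and a resolver landing-page
# address taken from the TEST-NET-1 documentation range.
ZONE = {"listed-domain.example.multi.surbl.org": "127.0.0.40"}
LANDING_PAGE = "192.0.2.40"


class RewrittenAnswer(ValueError):
    """The A record cannot have come from the blocklist zone."""


def honest_resolver(name):
    """Return the A record for name, or None for NXDOMAIN."""
    return ZONE.get(name)


def rewriting_resolver(name):
    """Resolver with typo correction on: NXDOMAIN becomes its own address."""
    return ZONE.get(name, LANDING_PAGE)


def naive_lists(answer):
    """Decode list membership from the last octet only (the failure mode)."""
    if answer is None:  # NXDOMAIN means "not listed"
        return []
    last_octet = int(answer.rsplit(".", 1)[1])
    return [name for bit, name in sorted(SURBL_BITS.items()) if last_octet & bit]


def checked_lists(answer):
    """Decode membership, refusing any answer outside 127.0.0.0/8."""
    if answer is None:
        return []
    if ipaddress.IPv4Address(answer) not in SURBL_NET:
        raise RewrittenAnswer(f"{answer} is not a blocklist answer")
    return naive_lists(answer)


def resolver_rewrites_nxdomain(resolve, canary="surbl-canary.invalid"):
    """True if the resolver answers for a name under the reserved .invalid TLD."""
    return resolve(canary) is not None


def lookup(domain, resolve, decode):
    """Query domain against the multi list and decode the answer."""
    return decode(resolve(domain + ".multi.surbl.org"))


if __name__ == "__main__":
    for label, resolve in (("honest", honest_resolver),
                           ("rewriting", rewriting_resolver)):
        print(label, "resolver rewrites NXDOMAIN:",
              resolver_rewrites_nxdomain(resolve))
        print("  clean domain, naive decode:",
              lookup("clean-domain.example", resolve, naive_lists))
        try:
            print("  clean domain, checked decode:",
                  lookup("clean-domain.example", resolve, checked_lists))
        except RewrittenAnswer as err:
            print("  clean domain, checked decode refused:", err)
```

Running the canary check at startup against the resolver the scanner actually uses catches the misconfiguration before any message is scored.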



Re: Earthlink emails

2006-09-29 Thread Michel Vaillancourt
Ramprasad wrote:
 
 Why not SPF ??

Over two thirds of the email I receive that is UCE/Spam has an 
SPF_PASS associated with it from SA.  All SPF seems to do is make the 
stupid spammers look more stupid.  The clever ones aren't affected.

 DK is a resource HOG. And I can't do that easily in postfix (I know you
 will point to dk-milter).
 
http://jason.long.name/dkfilter/   ...  Postfix specific implementation 
using the Sourceforge/ OpenSource adoptation of the DK standards.

 What is the point of accepting the mail and the entire data and then
 scanning for DK when it should ideally have been rejected after
 mail from:?
 

That would be the exact point of DK at the Postfix/ MTA level.

 So I let SA do the testing .. which catches the spams but eats resources
 of my servers. When you receive 3-5 million mails a day you tend to
 bother more about resources
 
I would humbly submit to you that if you move that much traffic, you 
should be able to justify one more MX machine in the pool and implementing DK.

 Thanks
 Ram
 
Another point here is that SPF and DK are NOT mutually exclusive 
technologies.  If a thirty-customer/ 10k message-a-day shop like me can 
implement both, I am sure that a Big Shop like yours can.

-- 
--Michel Vaillancourt
Wolfstar Systems
www.wolfstar.ca


RE: local.cf auto learn configs and defaults?

2006-09-29 Thread Bowie Bailey
Email Lists wrote:
 -
 - You can clear the AWL for a sender like this:
 -
 - spamassassin --remove-addr-from-whitelist [EMAIL PROTECTED]
 -
 - ([EMAIL PROTECTED] is the sender)
 -
 - Make sure you do this as the user who is having the problem.
 -
 -  Thanks and kind regards
 -
 - If this doesn't help, post the headers from one of the messages so
 - that we can see which rules are hitting.
 -
 - --
 - Bowie
 
 Can this removal be a wildcard?
 
 [EMAIL PROTECTED]
 
 Remember the test rule created was for a whole functional domain

I think it has to be done for each address (and also for each
recipient).

The good news is that the AWL will gradually fix itself.  Once these
emails are no longer receiving high scores (before the AWL rule), the
AWL will start lowering its score back to reasonable levels.

-- 
Bowie


RE: .spamassin folder not created after bugfix #4932

2006-09-29 Thread Jo for Groups and Lists
With regards to my post on Sept 8, I have not seen any responses. No
one else is having this issue with the .spamassassin folder not
always being created for a new user?

This bit of code is mixing up the unix username for the last message
filtered [for a pre-existing SA user] rather than the username for
the current message being filtered [for a new SA user].


  # bug 4932: use the last default_userstate_dir entry if none of the others
  # already exist
  $fname ||= $self->sed_path($default_userstate_dir[-1]);


If I manually create the new user's /.spamassassin/ folder, the
user_prefs does get installed as expected. Or if 2 messages for this
same user come in immediately in sequence, the first message fails
to do it, but the second message will successfully cause the
creation of the folder and prefs file. Because the 'last' in this
case just happens to be the same user.

Jo 



Re: can't get Bayesian to work when invoked from postfix - SOLVED

2006-09-29 Thread Peter Teunissen

Hi All,

With the great help of Michel Vaillancourt I managed to solve my
bayesian problem. The solution, for the archives, is below.


On 26-sep-2006, at 21:13, Peter Teunissen wrote:



After having trained SA with sufficient amounts of ham & spam, I
have bayesian testing working. When I test it with spamassassin -D
< testmessage as root it works flawlessly. But when postfix
invokes spamc with user filter, bayes always fails.


I tested this by running spamassassin -D < testmessage as user
filter and saw some permission errors as shown in the debug output
at the end of this mail.


I see two things going wrong:
1. it tries to create userprefs for filter, not lethal I guess. How  
can I keep SA from doing this when invoked from postfix? I use it  
system wide, so no user prefs are needed. There's no option for  
spamc mentioned in the manpage to make it run system wide only.


Turned out that I had created the user filter, which spamd runs as, with
/dev/null for a home folder. Changed that to the directory where my
bayes db resides. Problem 1 solved.


2. More seriously, it cannot access /var/spool/spamassassin, so it  
can't use the  bayes DB or the whitelist. But this directory is  
world readable and writable:


I had, due to a lack of knowledge on unix file permissions, not made
the directory accessible to the user SA runs as; it could read and
write the dir, but not execute. I changed the directory so it is
owned by user filter and chmoded it to 0755. The contents are also
owned by filter and chmoded to 0660.


Eh voila, bayesian works.

Thanks Michel!



Peter
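
The permission logic behind the fix above, as an added example (not from the original post): a small model of the POSIX owner/group/other check applied to the Bayes directory and a database file inside it. The "before" ownership (root:root), the file name comments and the user name nobody are assumptions made for illustration; the modes 0666, 0755 and 0660 and the user filter come from the post. Root's permission bypass is not modelled.

```python
from collections import namedtuple

# owner and group are plain names standing in for uids/gids (constructed data).
Entry = namedtuple("Entry", "owner group mode")


def granted(entry, user, groups=()):
    """Return the rwx bits POSIX applies to user: owner, else group, else other."""
    if user == entry.owner:
        shift = 6
    elif entry.group in groups:
        shift = 3
    else:
        shift = 0
    return (entry.mode >> shift) & 0o7


def bayes_access_problems(directory, db_file, user, groups=()):
    """List why user cannot use a database file stored inside directory."""
    problems = []
    dir_bits = granted(directory, user, groups)
    if not dir_bits & 0o1:
        # Without search (x) on the directory no file inside can be opened,
        # whatever the file's own mode says.
        problems.append("directory lacks search (x): files inside unreachable")
    if not dir_bits & 0o2:
        # Assumption: the scanner creates lock and journal files next to the db.
        problems.append("directory lacks write (w): cannot create lock files")
    if granted(db_file, user, groups) & 0o6 != 0o6:
        problems.append("db file lacks read/write (rw)")
    return problems


# Before: "world readable and writable" but no x bit (owner root is assumed).
BEFORE_DIR = Entry("root", "root", 0o666)
BEFORE_DB = Entry("root", "root", 0o666)
# After: the ownership and modes described in the post.
AFTER_DIR = Entry("filter", "filter", 0o755)
AFTER_DB = Entry("filter", "filter", 0o660)

if __name__ == "__main__":
    print("before, filter:", bayes_access_problems(BEFORE_DIR, BEFORE_DB, "filter"))
    print("after,  filter:", bayes_access_problems(AFTER_DIR, AFTER_DB, "filter"))
    # Any other unprivileged account is now locked out of the database.
    print("after,  nobody:", bayes_access_problems(AFTER_DIR, AFTER_DB, "nobody"))
```

The after state is also the tighter one: only filter can read or modify the Bayes data, where the original 0666 mode granted that to every local account.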




Re: Non-blocklisted embedded URLs are getting hits on URIBL_AB_SURBL and URIBL_PH_SURBL in SpamAssassin 3.1.5

2006-09-29 Thread Donald Craig




Well I think the FAQ note is a good idea, since a hyperactive
DNS server wasn't the first thing I thought of when I saw
this problem. However, turning off the OpenDNS hyperactivity
does require a fixed IP address to originate the queries - I
found it easier to use OpenDNS for my desktops, and switch
to something else for the SpamAssassin server.

cheers,
Don Craig

Jeff Chan wrote:

  On Wednesday, September 27, 2006, 11:17:59 PM, Donald Craig wrote:
  
  
And Theo Van Dinter pointed out:
You're not by chance using the opendns.{com,org} folks for DNS, are you?

  
  Of course.  I'm an idiot.  I switched to OpenDNS a couple of weeks back.
Time to return from whence I came.  Thank you,
Don Craig
 
I'm getting matches whenever I have an embedded URL
on URIBL_AB_SURBL and URIBL_PH_SURBL -
unless the URL is actually in URIBL_SBL, in which case the
logic for all the flavors of URIBL_XX_SURBL seems
to work correctly.  I have verified the
absence of the incorrectly matching URLs from SURBL
with lookups in http://www.rulesemporium.com/cgi-bin/uribl.c
  This is SpamAssassin 3.1.5, all was fine in 3.1.2.
  
  For now I have set both those tests to 0.00.
  
  Don Craig

  



  
Thanks for the reminder guys.  I've added the following note
about OpenDNS compatibility to the SURBL FAQ:
__

  http://www.surbl.org/faq.html#opendns

"I'm using OpenDNS and getting wrong answers to SURBL DNS queries

OpenDNS is a service that changes the responses to some DNS
queries in order to prevent users from visiting spam, phishing,
etc., sites. It also has a "typo correction" feature that directs
mistyped domain names to custom sites controlled by OpenDNS
instead of sites controlled by typosquatters, phishers, etc.

When using SURBLs with an OpenDNS nameserver it's important to
disable the typo correction feature, or the responses to
non-matching SURBL queries will be incorrect to a SURBL
application. The reason is that the OpenDNS nameservers return an
IP address of their own web site in those cases, and that
modified IP address will have an incorrect effect on SURBL list
identification that depends on where the bit patterns happen to
be in the modified response.

SURBLs will work with OpenDNS if their typo correction feature is
disabled on servers or clients doing SURBL queries."

__

Does that look about right?

Jeff C.

  





Re: Earthlink emails

2006-09-29 Thread Ramprasad
On Fri, 2006-09-29 at 08:12 -0400, Michel Vaillancourt wrote:
 Ramprasad wrote:
  
  Why not SPF ??
 
   Over two thirds of the email I receive that is UCE/Spam has an 
 SPF_PASS associated with it from SA.  All SPF seems to do is make the 
 stupid spammers look more stupid.  The clever ones aren't affected.
 
I have a script that automatically blocks SPF-pass domains sending spam
consistently. You could make good use of the SPF_PASS too.


  DK is a resource HOG. And I can't do that easily in postfix (I know you
  will point to dk-milter).
  
   http://jason.long.name/dkfilter/   ...  Postfix specific implementation 
 using the Sourceforge/ OpenSource adoptation of the DK standards.
 
  What is the point of accepting the mail and the entire data and then
  scanning for DK when it should ideally have been rejected after
  mail from:?
  
 
   That would be the exact point of DK at the Postfix/ MTA level.
 

How? All the while I thought dkfilter helps me block after dataend. Do
I have to RTFM again?




  So I let SA do the testing .. which catches the spams but eats resources
  of my servers. When you receive 3-5 million mails a day you tend to
  bother more about resources
  
   I would humbly submit to you that if you move that much traffic, you 
 should be able to justify one more MX machine in the pool and implementing DK.
 
We have 8 dual Xeons already for this much traffic. And the servers are
always loaded with all kinds of tests enabled in SA.


  Thanks
  Ram
  
   Another point here is that SPF and DK are NOT mutually exclusive 
 technologies.  If a thirty-customer/ 10k message-a-day shop like me can 
 implement both, I am sure that a Big Shop like yours can.
 



Re: Earthlink emails

2006-09-29 Thread Michel Vaillancourt
Ramprasad wrote:
 On Fri, 2006-09-29 at 08:12 -0400, Michel Vaillancourt wrote:
 Ramprasad wrote:
 Why not SPF ??
  Over two thirds of the email I receive that is UCE/Spam has an 
 SPF_PASS associated with it from SA.  All SPF seems to do is make the 
 stupid spammers look more stupid.  The clever ones aren't affected.

 I have a script that automatically blocks SPF-pass domains sending spam
 consistently. You could make good use of the SPF_PASS too.
 

Care to share?  This would be very handy.

 What is the point of accepting the mail and the entire data and then
 scanning for DK when it should ideally have been rejected after
 mail from:?

  That would be the exact point of DK at the Postfix/ MTA level.
 
 How? All the while I thought dkfilter helps me block after dataend. Do
 I have to RTFM again?
 
My mistake..  this one runs as a content filter.  The same author is 
working on a DKIM Proxy that would be your first point-of-contact and handle 
the mail from intercept.  I got confused.

 
 So I let SA do the testing .. which catches the spams but eats resources
 of my servers. When you receive 3-5 million mails a day you tend to
 bother more about resources

  I would humbly submit to you that if you move that much traffic, you 
 should be able to justify one more MX machine in the pool and implementing 
 DK.

 We have 8 dual Xeons already for this much traffic. And the servers are
 always loaded with all kinds of tests enabled in SA.
 
I'm curious... what is the RAM/ MHz spec of your machines?  5M mail/day 
is 7 mail per second per machine...  at a median 8 seconds mail handle time, 
that is 57 mail in the pipes at any one time...  50Mb for SA or anti-virus per 
message works to about 3Gb of RAM in use.  I can see your concern.  However, 
again, I'd say that even two more machines in the pool would bring that down to 
~2GB of RAM in use per machine, and that should give you the cycles and memory 
to run SPF queries as well as DK filters.

I do understand the notion your boss might not be willing to put 
another $5K down to deal with the problem.  However, as anyone  can attest to, 
good customer service costs money to provide.

-- 
--Michel Vaillancourt
Wolfstar Systems
www.wolfstar.ca


Ammount of the RAM used by spamd childs

2006-09-29 Thread Balzi Andrea
Hi

I have a problem with my spamassassin.
I'm using spamassassin with exim (MTA) and clamav (AntiVirus).
My spamassassin starts with the following command line:

/usr/sbin/spamd --syslog=local4 --create-prefs --max-children 10
--max-conn-per-child=100 --helper-home-dir -d
--pidfile=/var/run/spamd.pid

Every child occupies approximately 450MB of RAM.

My server is a GNU/Linux Debian 3.1r2 with spamassassin v3.1.5 and Perl
v5.8.4.
Isn't 450MB too much for a single child?

Andrea


Re: really slow spamd scan

2006-09-29 Thread Deephay

On 9/29/06, Olivier Nicole [EMAIL PROTECTED] wrote:

 I think I have disabled the DNS and URI lookups and Razor/Pyzor/DCC,
 and it still takes around 1x seconds to scan one email, but we have a
 little power supply problem at this moment so I cannot check the
 configuration file, I'll check it later.

Are you using spamc/spamd or plain spamassassin?

it is spamc/spamd..


And I think there is a way to tell spamassassin to report what tests
actually take some time to execute, so you can see where you are
losing time.

How can I do that?
thx a lot!


Bests,

Olivier



RE: Ammount of the RAM used by spamd childs

2006-09-29 Thread Bowie Bailey
Balzi Andrea wrote:
 Hi
 
 I have a problem with my spamassassin.
 I'm using spamassassin with exim (MTA) and clamav (AntiVirus).
 My spamassassin starts with the following command line:
 
 /usr/sbin/spamd --syslog=local4 --create-prefs --max-children 10
 --max-conn-per-child=100 --helper-home-dir -d
 --pidfile=/var/run/spamd.pid
 
 Every child occupies approximately 450MB of RAM.
 
 My server is a GNU/Linux Debian 3.1r2 with spamassassin v3.1.5 and
 Perl v5.8.4.
 Isn't 450MB too much for a single child?

That is a bit excessive.  My first guess is that you have WAY too many
add-on rule sets (or you are using old ones that should not be used).

Which rule sets are you currently using?

-- 
Bowie


RE: Ammount of the RAM used by spamd childs

2006-09-29 Thread Balzi Andrea
 -Original Message-
[...]
  Every child occupies approximately 450MB of RAM.
  
  My server is a GNU/Linux Debian 3.1r2 with spamassassin v3.1.5 and 
  Perl v5.8.4. Isn't 450MB too much for a single child?
 
 That is a bit excessive.  My first guess is that you have WAY 
 too many add-on rule sets (or you are using old ones that 
 should not be used).
 
 Which rule sets are you currently using?
 

I'm using the default rules of spamassassin 3.1.5 with the following rules
downloaded from rulesemporium:

TRIPWIRE
ANTIDRUG
SARE_EVILNUMBERS0
SARE_EVILNUMBERS1
SARE_EVILNUMBERS2
BLACKLIST
BLACKLIST_URI
RANDOMVAL
BOGUSVIRUS
SARE_ADULT
SARE_FRAUD
SARE_BML
SARE_RATWARE
SARE_SPOOF
SARE_BAYES_POISON_NXM
SARE_OEM
SARE_RANDOM
SARE_HEADER
SARE_HEADER_ENG
SARE_HTML
SARE_HTML4
SARE_HTML_ENG
SARE_SPECIFIC
SARE_OBFU
SARE_OBFU2
SARE_OBFU3
SARE_REDIRECT_POST300
SARE_SPAMCOP_TOP200
SARE_GENLSUBJ
SARE_GENLSUBJ_ENG
SARE_HIGHRISK
SARE_UNSUB
SARE_URI0
SARE_URI1
SARE_URI2
SARE_URI3
SARE_URI_ENG
SARE_WHITELIST
SARE_STOCKS
SARE_GENLSUBJ4
OUR_WHITELIST (about 296 entries)
OUR_BLACKLIST (about 27 entries)
OUR_RULES (about 35 rules that check subject)

Andrea


Re: bayes sync is hogging cpu

2006-09-29 Thread Andreas Pettersson

Bret Miller wrote:


I used to have problems with bayes locking and journaling. When it
finally corrupted the database, I decided it was time to put it into a
real SQL database instead of using DB_File. Haven't had a single problem
with bayes CPU or locking since.

Maybe it's time you consider using MySQL?

Bret
 



I have now simply put an end to the misery by wiping the DB :)
And the issue is of course solved. I'll be looking into MySQL in the 
very near future, I think.


Thanks to everyone who has answered!

Best Regards,
Andreas



Re: Earthlink emails

2006-09-29 Thread hamann . w
 On Thu, 2006-09-28 at 11:05 -0700, Loren Wilton wrote:
   Apparently they have removed SPF records after publishing them once.
   That's a stupid idea IMHO. Today I am forced to TEMP FAIL earthlink ids
   whenever there is a spam attack on my servers
  
  SPF can be a pain for a number of reasons that have been discussed 
  endlessly.  I suspect Dirtlink found them to be effectively useless.
  
  Why not try using domainkeys instead?
  
  DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=dk20050327; d=earthlink.net;
b=FB4IOaniCvpDwkx5cYm2jFWe8LB9zRfxL9FHzbhv1JHyGSVrA0o4mttb3jjbU4C3;

  h=Message-ID:Date:From:Reply-To:To:Subject:Cc:Mime-Version:Content-Type:Content-Transfer-Encoding:X-Mailer:X-ELNK-Trace:X-Originating-IP;
  
  Loren
 
 Darn,
 I don't want to get into SPF debates again.
 
 Assume I am using domain keys and catching all spams forged from
 earthlink; I am still scanning the mails.
 
 Anyway, that is already happening today. SA is catching spams from
 earthlink (forged?), but when you scan a huge number of mails you would
 like to be able to reject forged mails straight after mail from:.
 That is what SPF lets you do, and that works.
 
 No wonder a lot of spammers have stopped forging hotmail or msn,
 because most of those mails don't even get thru the MTA. And a majority
 of the forged spams I still get is from earthlink or yahoo.
 
 Thanks
 Ram
 
 
 
Hi,

Well, you could set up your MTA to verify domainkeys and reject. However,
there are a lot of mails around that could cause rejection although they
are valid mail resent by something (e.g. a mailing list) but keeping the
domain keys / not adding a sender header.

Wolfgang Hamann





Fw: failure notice / spaassassin.apache.org

2006-09-29 Thread Tom Myers

To whom it may concern.

I need your help.   I run a legitimate business ( 27 years )  of Search and 
Placement in the electronic industry.  As you can see from the text below I 
am unable to contact people about the jobs that they want to interview for.


How do I get unlisted from the Spamassassin black list?   Every letter I 
send out is an individual letter not a spam or junk mail.   I view resumes 
on Hot Jobs.  I pay for this service. People post their resumes so that a 
recruiter like myself will contact them with the hope of finding work.  By 
being blocked from contacting that person causes Spamassassin to harm both 
of us.  In addition, several clients have not been able to receive emails 
from me.  These clients are Fortune 500 manufacturers that have written 
agreements with our firm to arrange legitimate interviews for valid jobs.


Can you help me get delisted ?

Sincerely.

Tom Myers - President - 310-317-6113
www.electroniccareers.com
[EMAIL PROTECTED]

- Original Message - 
From: [EMAIL PROTECTED]

To: [EMAIL PROTECTED]
Sent: Friday, September 29, 2006 9:38 AM
Subject: failure notice



Hi. This is the qmail-send program at host241.ipowerweb.com.
I'm afraid I wasn't able to deliver your message to the following 
addresses.

This is a permanent error; I've given up. Sorry it didn't work out.

[EMAIL PROTECTED]:
Connected to 206.18.177.26 but sender was rejected.
Remote host said: 550 66.235.211.53 blocked by 
ldap:ou=rblmx,dc=comcast,dc=net - BL004 Blocked for spam.  Please see 
http://www.comcast.net/help/faq/index.jsp?faq=SecurityMail_Policy18628


--- Below this line is a copy of the message.

Return-Path: [EMAIL PROTECTED]
Received: (qmail 8935 invoked by uid 10025); 29 Sep 2006 16:38:40 -
Received: from 66.215.109.14 by host241.ipowerweb.com (envelope-from 
[EMAIL PROTECTED], uid 1002) with qmail-scanner-1.25st

(clamdscan: 0.88/1245. spamassassin: 3.1.0. perlscan: 1.25st.
Clear:RC:1(66.215.109.14):.
Processed in 0.036045 secs); 29 Sep 2006 16:38:40 -
Received: from unknown (HELO TOM1) (66.215.109.14)
 by host241.ipowerweb.com with SMTP; 29 Sep 2006 16:38:40 -
Message-ID: [EMAIL PROTECTED]
Reply-To: Tom Myers [EMAIL PROTECTED]
From: Tom Myers [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Raul resume request
Date: Fri, 29 Sep 2006 09:40:01 -0700
Organization: Electronic Careers
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary==_NextPart_000_02E6_01C6E3AB.3C42EE90
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962

This is a multi-part message in MIME format.

--=_NextPart_000_02E6_01C6E3AB.3C42EE90
Content-Type: text/plain;
charset=Windows-1252
Content-Transfer-Encoding: quoted-printable

Raul,

I have a job as a Design Engineer in Illinois. =20

If you are still available please forward a resume to =
[EMAIL PROTECTED]

I'll then contact you to discuss the job match.

Tom Myers
www.electroniccareers.com
1-310-317-6113









Re: Fw: failure notice / spaassassin.apache.org

2006-09-29 Thread Ken A
It looks like you are listed in spamcop and apparently Comcast is either 
using spamcop or they have their own list that is blocking you. You 
really need to contact comcast about this, not the spamassassin list. 
This list has nothing to do with your problem.

See:
http://spamcop.net/w3m?action=checkblockip=66.235.211.53
and
http://www.comcast.net/help/faq/index.jsp?faq=SecurityMail_Policy18628
Anyone sending large amounts of mail on the Internet these days really 
needs to understand these issues (that means you).

Good luck!

Ken


Tom Myers wrote:

To whom it may concern.

I need your help.   I run a legitimate business ( 27 years )  of Search 
and Placement in the electronic industry.  As you can see for the text 
below I am unable to contact people about the jobs that they want to 
interview for.


How do I get unlisted from the Spamassassin black list?   Every letter 
I send out is an individual letter not a spam or junk mail.   I view 
resumes on Hot Jobs.  I pay for this service. People post their resumes 
so that a recruiter like myself will contact them with the hope of 
finding work.  By being blocked from contacting that person causes 
Spamassassin to harm both of us.  In addition, several clients have not 
been able to receive emails from me.  These clients are fortune 500 
manufactures that have written agreements with our firm to arrange 
legitimate interviews for valid jobs.


Can you help me get delisted ?

Sincerely.

Tom Myers - President - 310-317-6113
www.electroniccareers.com
[EMAIL PROTECTED]

- Original Message - From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, September 29, 2006 9:38 AM
Subject: failure notice



Hi. This is the qmail-send program at host241.ipowerweb.com.
I'm afraid I wasn't able to deliver your message to the following 
addresses.

This is a permanent error; I've given up. Sorry it didn't work out.

[EMAIL PROTECTED]:
Connected to 206.18.177.26 but sender was rejected.
Remote host said: 550 66.235.211.53 blocked by 
ldap:ou=rblmx,dc=comcast,dc=net - BL004 Blocked for spam.  Please see 
http://www.comcast.net/help/faq/index.jsp?faq=SecurityMail_Policy18628


--- Below this line is a copy of the message.

Return-Path: [EMAIL PROTECTED]
Received: (qmail 8935 invoked by uid 10025); 29 Sep 2006 16:38:40 -
Received: from 66.215.109.14 by host241.ipowerweb.com (envelope-from 
[EMAIL PROTECTED], uid 1002) with qmail-scanner-1.25st

(clamdscan: 0.88/1245. spamassassin: 3.1.0. perlscan: 1.25st.
Clear:RC:1(66.215.109.14):.
Processed in 0.036045 secs); 29 Sep 2006 16:38:40 -
Received: from unknown (HELO TOM1) (66.215.109.14)
 by host241.ipowerweb.com with SMTP; 29 Sep 2006 16:38:40 -
Message-ID: [EMAIL PROTECTED]
Reply-To: Tom Myers [EMAIL PROTECTED]
From: Tom Myers [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Raul resume request
Date: Fri, 29 Sep 2006 09:40:01 -0700
Organization: Electronic Careers
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary==_NextPart_000_02E6_01C6E3AB.3C42EE90
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962

This is a multi-part message in MIME format.

--=_NextPart_000_02E6_01C6E3AB.3C42EE90
Content-Type: text/plain;
charset=Windows-1252
Content-Transfer-Encoding: quoted-printable

Raul,

I have a job as a Design Engineer in Illinois. =20

If you are still available please forward a resume to =
[EMAIL PROTECTED]

I'll then contact you to discuss the job match.

Tom Myers
www.electroniccareers.com
1-310-317-6113

--=_NextPart_000_02E6_01C6E3AB.3C42EE90--









Re: Fw: failure notice / spaassassin.apache.org

2006-09-29 Thread Justin Mason

hi there --

I don't think SpamAssassin has anything to do with this --
the message you forwarded contained this error:

  Connected to 206.18.177.26 but sender was rejected.
  Remote host said: 550 66.235.211.53 blocked by 
  ldap:ou=rblmx,dc=comcast,dc=net - BL004 Blocked for spam.  Please see 
  http://www.comcast.net/help/faq/index.jsp?faq=SecurityMail_Policy18628


as far as I can see, there was no mention of SpamAssassin. in other words,
it's Comcast you need to talk to; that URL looks helpful.

--j.

Tom Myers writes:
To whom it may concern.

I need your help.   I run a legitimate business ( 27 years )  of Search and 
Placement in the electronic industry.  As you can see for the text below I 
am unable to contact people about the jobs that they want to interview for.

How do I get unlisted from the Spamassassin black list?   Every letter I 
send out is an individual letter not a spam or junk mail.   I view resumes 
on Hot Jobs.  I pay for this service. People post their resumes so that a 
recruiter like myself will contact them with the hope of finding work.  By 
being blocked from contacting that person causes Spamassassin to harm both 
of us.  In addition, several clients have not been able to receive emails 
from me.  These clients are fortune 500 manufactures that have written 
agreements with our firm to arrange legitimate interviews for valid jobs.

Can you help me get delisted ?

Sincerely.

Tom Myers - President - 310-317-6113
www.electroniccareers.com
[EMAIL PROTECTED]

- Original Message - 
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, September 29, 2006 9:38 AM
Subject: failure notice


 Hi. This is the qmail-send program at host241.ipowerweb.com.
 I'm afraid I wasn't able to deliver your message to the following 
 addresses.
 This is a permanent error; I've given up. Sorry it didn't work out.

 [EMAIL PROTECTED]:
 Connected to 206.18.177.26 but sender was rejected.
 Remote host said: 550 66.235.211.53 blocked by 
 ldap:ou=rblmx,dc=comcast,dc=net - BL004 Blocked for spam.  Please see 
 http://www.comcast.net/help/faq/index.jsp?faq=SecurityMail_Policy18628

 --- Below this line is a copy of the message.

 Return-Path: [EMAIL PROTECTED]
 Received: (qmail 8935 invoked by uid 10025); 29 Sep 2006 16:38:40 -
 Received: from 66.215.109.14 by host241.ipowerweb.com (envelope-from 
 [EMAIL PROTECTED], uid 1002) with qmail-scanner-1.25st
 (clamdscan: 0.88/1245. spamassassin: 3.1.0. perlscan: 1.25st.
 Clear:RC:1(66.215.109.14):.
 Processed in 0.036045 secs); 29 Sep 2006 16:38:40 -
 Received: from unknown (HELO TOM1) (66.215.109.14)
  by host241.ipowerweb.com with SMTP; 29 Sep 2006 16:38:40 -
 Message-ID: [EMAIL PROTECTED]
 Reply-To: Tom Myers [EMAIL PROTECTED]
 From: Tom Myers [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Subject: Raul resume request
 Date: Fri, 29 Sep 2006 09:40:01 -0700
 Organization: Electronic Careers
 MIME-Version: 1.0
 Content-Type: multipart/alternative;
 boundary==_NextPart_000_02E6_01C6E3AB.3C42EE90
 X-Priority: 3
 X-MSMail-Priority: Normal
 X-Mailer: Microsoft Outlook Express 6.00.2900.2869
 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962

 This is a multi-part message in MIME format.

 --=_NextPart_000_02E6_01C6E3AB.3C42EE90
 Content-Type: text/plain;
 charset=Windows-1252
 Content-Transfer-Encoding: quoted-printable

 Raul,

 I have a job as a Design Engineer in Illinois. =20

 If you are still available please forward a resume to =
 [EMAIL PROTECTED]

 I'll then contact you to discuss the job match.

 Tom Myers
 www.electroniccareers.com
 1-310-317-6113

 --=_NextPart_000_02E6_01C6E3AB.3C42EE90--



 





Re: failure notice / spaassassin.apache.org

2006-09-29 Thread Gino Cerullo

On 29-Sep-06, at 1:06 PM, Tom Myers wrote:


To whom it may concern.

I need your help.   I run a legitimate business ( 27 years )  of  
Search and Placement in the electronic industry.  As you can see  
for the text below I am unable to contact people about the jobs  
that they want to interview for.


How do I get unlisted from the Spamassassin black list?   Every  
letter I send out is an individual letter not a spam or junk  
mail.   I view resumes on Hot Jobs.  I pay for this service. People  
post their resumes so that a recruiter like myself will contact  
them with the hope of finding work.  By being blocked from  
contacting that person causes Spamassassin to harm both of us.  In  
addition, several clients have not been able to receive emails from  
me.  These clients are fortune 500 manufactures that have written  
agreements with our firm to arrange legitimate interviews for valid  
jobs.


Can you help me get delisted ?


SpamAssassin is not a blacklist, you do not get delisted from it  
since it is not listing you as a spammer.


Comcast is the ISP that is responsible for the mail servers of the
person you are trying to reach. They have determined that the email
you are sending is spam for whatever reason and have given you an
address with possible explanations as to why.


http://www.comcast.net/help/faq/index.jsp?faq=SecurityMail_Policy18628

That page also has a contact address where you can contact someone  
about the problems you are having.


[EMAIL PROTECTED]

They are the ones you should be taking this up with. We can't help you.


--
Gino Cerullo

Pixel Point Studios
21 Chesham Drive
Toronto, ON  M3M 1W6

416-247-7740
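
The replies above all read the same thing out of the failure notice: which host issued the 550 and which IP it objected to. An added example (not code from the thread or from qmail) that pulls those fields out of a qmail-send bounce; the sample is constructed from the notice quoted in this thread, and the two e-mail addresses are placeholders because the archive redacts them.

```python
import re

# Constructed from the failure notice quoted in this thread. Addresses are
# placeholders; the truncated timestamps are kept as the archive shows them.
BOUNCE = """\
Hi. This is the qmail-send program at host241.ipowerweb.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<recipient@example.net>:
Connected to 206.18.177.26 but sender was rejected.
Remote host said: 550 66.235.211.53 blocked by
ldap:ou=rblmx,dc=comcast,dc=net - BL004 Blocked for spam.  Please see
http://www.comcast.net/help/faq/index.jsp?faq=SecurityMail_Policy18628

--- Below this line is a copy of the message.

Received: from 66.215.109.14 by host241.ipowerweb.com (envelope-from
<sender@example.org>, uid 1002) with qmail-scanner-1.25st
 (clamdscan: 0.88/1245. spamassassin: 3.1.0. perlscan: 1.25st.
 Clear:RC:1(66.215.109.14):.
 Processed in 0.036045 secs); 29 Sep 2006 16:38:40 -
Received: from unknown (HELO TOM1) (66.215.109.14)
 by host241.ipowerweb.com with SMTP; 29 Sep 2006 16:38:40 -
Subject: Raul resume request
"""

SPLIT = "--- Below this line is a copy of the message."
IPV4 = r"(?:\d{1,3}\.){3}\d{1,3}"


def parse_qmail_bounce(text):
    """Split a qmail-send bounce into the delivery report and the message copy,
    then extract who rejected the mail and what the remote server said."""
    report, _, copy = text.partition(SPLIT)
    reporter = re.search(r"qmail-send program at ([\w.-]+)\.\s", report)

    failures = []
    # Each failure paragraph starts with "<recipient>:" and ends at a blank line.
    for m in re.finditer(r"^<([^>]+)>:\n((?:.+\n)+)", report, re.M):
        body = " ".join(m.group(2).split())          # unwrap folded lines
        remote = re.search(rf"Connected to ({IPV4})", body)
        reply = re.search(r"Remote host said: (\d{3}) (.*)", body)
        code = int(reply.group(1)) if reply else None
        reply_text = reply.group(2) if reply else ""
        failures.append({
            "recipient": m.group(1),
            "remote_mx": remote.group(1) if remote else None,
            "code": code,
            "permanent": code is not None and 500 <= code < 600,
            "reply": reply_text,
            # IPs the remote server named in its rejection text
            "blocked_ips": re.findall(IPV4, reply_text),
            "names_spamassassin": "spamassassin" in reply_text.lower(),
        })

    # The bottom-most Received header is the earliest hop (the sender's client).
    received_ips = re.findall(rf"^Received: from .*?({IPV4})", copy, re.M)
    return {
        "reporter": reporter.group(1) if reporter else None,
        "failures": failures,
        "origin_ip": received_ips[-1] if received_ips else None,
        # True here only because the sender's own host stamped a
        # qmail-scanner line into the outgoing message.
        "spamassassin_in_copy": "spamassassin" in copy.lower(),
    }


if __name__ == "__main__":
    parsed = parse_qmail_bounce(BOUNCE)
    for f in parsed["failures"]:
        print(f["remote_mx"], f["code"], f["blocked_ips"], f["names_spamassassin"])
    print("client:", parsed["origin_ip"], "relay reporting:", parsed["reporter"])
```

In this sample the rejection text names the relay's address (66.235.211.53), not the client address in the Received headers, and the word "spamassassin" occurs only in the copied message's qmail-scanner header.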







Re: Q. about spam directed towards highest MX Record?

2006-09-29 Thread Jon Trulson

On Wed, 27 Sep 2006, Rob McEwen wrote:


(CCing Marc Perkel because I seem to recall him knowing about this)

Not that I'd ever outright block based on this one factor alone, but...

Does anyone have any stats about what percentage of spam is directed towards
the highest MX Record? (that is, where there is more than one MX record?)

Also, has anyone ever seen ANY legit mail go to the highest MX record when
no mail server failure occurred?



Hehe, that is an old spammer trick... Our secondary MX is
pretty much 100% spam.

I implemented greylisting on the secondary which reduced spam
through it by about 99% :)  The secondary does not do spam
scanning, it's simply store and forward.  Greylisting really
helps in these cases.


--
Jon Trulson
mailto:[EMAIL PROTECTED] http://radscan.com/~jon
#include std/disclaimer.h
No Kill I -Horta
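
A sketch of the greylisting decision described above for a store-and-forward secondary MX, as an added example that is not from the thread or from any particular greylisting daemon. The triplet key, the timing constants and the 451 reply text are assumptions chosen for illustration, and the sample attempts are constructed.

```python
import ipaddress
from dataclasses import dataclass, field

MIN_DELAY = 300              # assumption: a retry counts only after 5 minutes
RETRY_WINDOW = 4 * 3600      # assumption: unconfirmed triplets expire after 4 hours
PASS_LIFETIME = 35 * 86400   # assumption: confirmed triplets are remembered 35 days

DEFER = (451, "4.7.1 Greylisted, please try again later")
ACCEPT = (250, "OK")


def triplet(client_ip, mail_from, rcpt_to):
    """Key on (client network, envelope sender, recipient).

    Using the /24 (or /64 for IPv6) lets a retry from another host in the
    same sending pool match the first attempt.
    """
    ip = ipaddress.ip_address(client_ip)
    prefix = 24 if ip.version == 4 else 64
    net = ipaddress.ip_network(f"{client_ip}/{prefix}", strict=False)
    return (str(net.network_address), mail_from.lower(), rcpt_to.lower())


@dataclass
class Greylist:
    first_seen: dict = field(default_factory=dict)   # triplet -> time of first attempt
    passed: dict = field(default_factory=dict)       # triplet -> time last accepted

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply to give at RCPT TO for this attempt."""
        key = triplet(client_ip, mail_from, rcpt_to)

        # Already proven to retry like a real MTA: accept and refresh.
        if key in self.passed:
            if now - self.passed[key] <= PASS_LIFETIME:
                self.passed[key] = now
                return ACCEPT
            del self.passed[key]

        seen = self.first_seen.get(key)
        # First contact, or the sender waited so long the record expired.
        if seen is None or now - seen > RETRY_WINDOW:
            self.first_seen[key] = now
            return DEFER
        # Retried too quickly: still deferred, clock keeps running from first attempt.
        if now - seen < MIN_DELAY:
            return DEFER
        # Proper retry inside the window: promote the triplet.
        del self.first_seen[key]
        self.passed[key] = now
        return ACCEPT


# Constructed attempts: (seconds, client IP, envelope sender, recipient).
SAMPLE_ATTEMPTS = [
    (0,     "192.0.2.10",   "alice@example.org", "user@example.net"),  # first try
    (30,    "192.0.2.10",   "alice@example.org", "user@example.net"),  # too soon
    (600,   "192.0.2.77",   "alice@example.org", "user@example.net"),  # retry, same /24
    (700,   "192.0.2.77",   "alice@example.org", "user@example.net"),  # now known
    (10,    "198.51.100.5", "x1@example.com",    "user@example.net"),  # fire-and-forget
    (18000, "198.51.100.5", "x1@example.com",    "user@example.net"),  # after expiry
]


def replay(attempts):
    """Run attempts through a fresh greylist and return the reply codes."""
    gl = Greylist()
    return [gl.check(ip, frm, to, t)[0] for t, ip, frm, to in attempts]


if __name__ == "__main__":
    for attempt, code in zip(SAMPLE_ATTEMPTS, replay(SAMPLE_ATTEMPTS)):
        print(code, attempt)
```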



Re: Q. about spam directed towards highest MX Record?

2006-09-29 Thread Rob McEwen (PowerView Systems)
Jon Trulson said:
Hehe, that is an old spammer trick... Our secondary MX is
pretty much 100% spam.
I implemented greylisting on the secondary which reduced spam
through it by about 99% :)  The secondary does not do spam
scanning, it's simply store and forward.  Greylisting really
helps in these cases.

Jon, please tell me, what portion of your overall spam attempts to come in 
through this secondary MX compared to all spam that you catch which is headed 
to your primary MX record.

THAT is what I most wanted to know.

Thanks!

Rob McEwen
PowerView Systems



[OT] Re: Fw: failure notice / spaassassin.apache.org

2006-09-29 Thread Andreas Pettersson

Ken A wrote:

It looks like you are listed in spamcop and apparently Comcast is 
either using spamcop or they have their own list that is blocking you.



Comcast themselves are using a spam filter?
(Let me taste that line one more time...)
Comcast themselves are using a spam filter?
Then why aren't they using one to block their own customers from 
spamming the rest of the world?


/Andreas



Email to SMS Gateways and Spam

2006-09-29 Thread robert
Recently I've discovered that if I attempt to forge the From: header in an
email message, it ends up being considerably delayed when sent thru my
provider's Email to SMS Gateway. I strongly suspect they have measures in
place to identify SPAM that will cause the message to receive a much lower
priority. Unfortunately, because it's a FIFO queue, all messages sent
thereafter to my device (be they from another device or whatever) are also
delayed.

Anybody seen this before?

Right now I'm using a From: that is a legitimate address and I'm sure is in many
databases, but before I was using a non-existent user at my domain because I
want to convey some context about the alert without using the body for the
message, thus allowing me to easily distinguish b/w different types of messages
by looking at the sender of the message.


This message was sent using IMP, the Internet Messaging Program.



Re: [OT] Re: Fw: failure notice / spaassassin.apache.org

2006-09-29 Thread Theo Van Dinter
On Fri, Sep 29, 2006 at 07:59:13PM +0200, Andreas Pettersson wrote:
 Then why aren't they using one to block their own customers from 
 spamming the rest of the world?

While you can sell "we block spam from your inbox" to people as a reason to
pay you money, you can't sell "we stop you from sending spam".

-- 
Randomly Selected Tagline:
Defend the right to keep and arm bears!




Re: Email to SMS Gateways and Spam

2006-09-29 Thread Daryl C. W. O'Shea

[EMAIL PROTECTED] wrote:

Recently I've discovered that if I attempt to forge the From: header in an
email message, it ends up being considerably delayed when sent thru my
provider's Email to SMS Gateway. I strongly suspect they have measures in
place to identify SPAM that will cause the message to receive a much lower
priority. Unfortunately, because it's a FIFO queue, all messages sent
thereafter to my device (be they from another device or whatever) are also
delayed.

Anybody seen this before?


I'm curious, what provider?

I've currently got a ticket open with Bell Mobility Data Support about 
text messages taking three days to arrive, if ever, except for the odd 
one sent from another Bell phone that arrives immediately.


I wonder if I'm seeing that same thing.


Daryl


Re: [OT] Re: Fw: failure notice / spaassassin.apache.org

2006-09-29 Thread Ken A




Andreas Pettersson wrote:

Ken A wrote:

It looks like you are listed in spamcop and apparently Comcast is 
either using spamcop or they have their own list that is blocking you.



Comcast themselves are using a spam filter?
(Let me taste that line one more time...)
Comcast themselves are using a spam filter?


yes, looks like they are using brightmail

Then why aren't they using one to block their own customers from 
spamming the rest of the world?


uh, a guess? it costs too much. :-\
Ken



/Andreas



Re: Fw: failure notice / spaassassin.apache.org

2006-09-29 Thread Mark Samples
Comcast has their own blacklist. I do not know how they arrive at what
is spam and what is not; in my experience, it is questionable. Your
hosting company is the one that is blacklisted. This can be affecting
many or just affecting you; it depends on whether they assign an
individual IP number to each web host or do naming. In the event of
naming, it can affect everyone they host for. Your hosting company (the
one that is actually responsible for the net block you are assigned)
will have to resolve this with Comcast; alternatively, you can probably
request its removal at the following URL. There should be instructions
at the URL.

http://www.comcast.net/help/faq/index.jsp?faq=SecurityMail_Policy18626

Use this IP, '66.235.211.53', which is what your host gives your website.

If you do a search on 'blacklist' and comcast, you will get pages full
of their blacklisting anomalies. Also, just as a preventative, I do not
know if you use any mass mailers for advertising, but if you do, this can
cause blacklisting. If you do, the best way to avoid blacklisting is to
use a server-side mailing list with subscribe/unsubscribe options. The
spam situation from an ISP standpoint is getting ever worse to keep its
subscribers' email flowing. AOL is similar: they decide which mail is
spam by the number of times its customers put the same sources of email
in their spam folder; if it appears at about a rate of 5%, it's
blacklist time. What does this mean? It means whoever you are sending
email to, even though in your eyes it may be legitimate, if they decide
they don't want to receive it, they can hit the AOL spam button and they
have officially dubbed your email spam and the counter starts. This is
where the server-side email lists help but do not eliminate this; it
depends on whether the receiver is willing to click on the URL for your
unsubscribe message. Another (though less liked by most) is to only
send email that is text, i.e. no images, no HTML. This will maximize the
probability that your mail won't be interpreted as spam.

Hope this helps.

Tom Myers wrote:


To whom it may concern.

I need your help.   I run a legitimate business ( 27 years )  of 
Search and Placement in the electronic industry.  As you can see for 
the text below I am unable to contact people about the jobs that they 
want to interview for.


How do I get unlisted from the Spamassassin black list?   Every 
letter I send out is an individual letter not a spam or junk mail.   I 
view resumes on Hot Jobs.  I pay for this service. People post their 
resumes so that a recruiter like myself will contact them with the 
hope of finding work.  By being blocked from contacting that person 
causes Spamassassin to harm both of us.  In addition, several clients 
have not been able to receive emails from me.  These clients are 
fortune 500 manufactures that have written agreements with our firm to 
arrange legitimate interviews for valid jobs.


Can you help me get delisted ?

Sincerely.

Tom Myers - President - 310-317-6113
www.electroniccareers.com
[EMAIL PROTECTED]

- Original Message - From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, September 29, 2006 9:38 AM
Subject: failure notice



Hi. This is the qmail-send program at host241.ipowerweb.com.
I'm afraid I wasn't able to deliver your message to the following 
addresses.

This is a permanent error; I've given up. Sorry it didn't work out.

[EMAIL PROTECTED]:
Connected to 206.18.177.26 but sender was rejected.
Remote host said: 550 66.235.211.53 blocked by 
ldap:ou=rblmx,dc=comcast,dc=net - BL004 Blocked for spam.  Please 
see 
http://www.comcast.net/help/faq/index.jsp?faq=SecurityMail_Policy18628


--- Below this line is a copy of the message.

Return-Path: [EMAIL PROTECTED]
Received: (qmail 8935 invoked by uid 10025); 29 Sep 2006 16:38:40 -
Received: from 66.215.109.14 by host241.ipowerweb.com (envelope-from 
[EMAIL PROTECTED], uid 1002) with qmail-scanner-1.25st

(clamdscan: 0.88/1245. spamassassin: 3.1.0. perlscan: 1.25st.
Clear:RC:1(66.215.109.14):.
Processed in 0.036045 secs); 29 Sep 2006 16:38:40 -
Received: from unknown (HELO TOM1) (66.215.109.14)
 by host241.ipowerweb.com with SMTP; 29 Sep 2006 16:38:40 -
Message-ID: [EMAIL PROTECTED]
Reply-To: Tom Myers [EMAIL PROTECTED]
From: Tom Myers [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Raul resume request
Date: Fri, 29 Sep 2006 09:40:01 -0700
Organization: Electronic Careers
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary==_NextPart_000_02E6_01C6E3AB.3C42EE90
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962

This is a multi-part message in MIME format.

--=_NextPart_000_02E6_01C6E3AB.3C42EE90
Content-Type: text/plain;
charset=Windows-1252
Content-Transfer-Encoding: quoted-printable

Raul,

I have a job as a Design Engineer in Illinois. =20

If you are still available 

Re: Migrate dependencies problem

2006-09-29 Thread Kelson

Philippe Couas wrote:
4 rpm -Uvh spamassassin-3.1.5-1.rh9.rf.i386.rpm 

...
Where could I find these optional Perl packages, and how do I install 
them?


I see you're using the RPMForge packages (or possibly a subset like 
FreshRPMs or DAG).  If an RPMForge package has dependencies, you will 
find those dependencies either in the base Red Hat 9 system, or in 
RPMForge itself.


Your best bet is to install yum and the rpmforge-release package, then 
use yum to install spamassassin.  It will automatically pick up the 
dependencies.


(Incidentally, you might want to consider moving to something a bit 
more...well, supported than Red Hat 9.  Even Fedora Legacy is dropping 
it at the end of the year.  Centos 3 www.centos.org is a good bet, 
since it's based on RHEL 3, which is based on RH9, and will continue to 
get security updates through 2010.)


--
Kelson Vibber
SpeedGate Communications www.speed.net


Re: [OT] Re: Fw: failure notice / spaassassin.apache.org

2006-09-29 Thread Daryl C. W. O'Shea

Theo Van Dinter wrote:

On Fri, Sep 29, 2006 at 07:59:13PM +0200, Andreas Pettersson wrote:
Then why aren't they using one to block their own customers from 
spamming the rest of the world?


While you can sell "we block spam from your inbox" to people as a reason to
pay you money, you can't sell "we stop you from sending spam".


http://www.comcast.net/help/faq/index.jsp?faq=SecurityMail_Policy18625

Unless you want to send spam to our own customers, then we'll block 
that, unless you pay us more for commercial service.  :)



Too bad outgress filtering isn't as cheap as running a blacklist with 
your own IPs in it.


gocr v.41 and segfault patch

2006-09-29 Thread Russ Ringer
Has gocr .41 fixed the segfault problem patched in .40 by
http://antispam.imp.ch/patches/patch-gocr-segfault ?

If not is there an updated patch for .41?

thanks,
Russ



RE: Ammount of the RAM used by spamd childs

2006-09-29 Thread Bowie Bailey
Balzi Andrea wrote:
  -Original Message-
 [...]
   every child it occupies approximately 450MB of RAM.
   
   My server is a GNU/Linux Debian 3.1r2 with spamassassin v3.1.5 and
   Perl v5.8.4 Aren't it too many every 450MB for single child?
  
  That is a bit excessive.  My first guess is that you have WAY
  too many add-on rule sets (or you are using old ones that should
  not be used). 
  
  Which rule sets are you currently using?
  
 
 I'm using the default rules of spamassassin 3.1.5 with the following
 rules downloaded from rulesemporium:
 
 ANTIDRUG

Antidrug is not needed with current versions of SA.

 BLACKLIST_URI

You should use the ws.surbl.org version of this blacklist instead.

See here for more info:
http://wiki.apache.org/spamassassin/SURBL

 BLACKLIST

This is a 16M rulefile and probably a major contributor to your memory
load.

 SARE_SPAMCOP_TOP200

The current versions of SA already use this list as a network test.
If you have network tests enabled, you don't need this.

Other than that, all I can say is that you have quite a few rules.
You may want to try removing some of them and restarting spamd.  Just
do some trial and error and see which ones make the most difference.

-- 
Bowie


Re: Q. about spam directed towards highest MX Record?

2006-09-29 Thread Stuart Johnston

Rob McEwen (PowerView Systems) wrote:

Jon Trulson said:

Hehe, that is an old spammer trick... Our secondary MX is
pretty much 100% spam.
I implemented greylisting on the secondary which reduced spam
through it by about 99% :)  The secondary does not do spam
scanning, it's simply store and forward.  Greylisting really
helps in these cases.


Jon, please tell me, what portion of your overall spam attempts to come in 
through this secondary MX compared to all spam that you catch which is headed 
to your primary MX record.


Here are some rough numbers from my systems:

Yesterday on the secondary MX:

Connections: 24601
Blocked for RBL: 22841


Roughly similar time period on primary MX:

Connections:176668
Blocked for RBL: 79994
Delivered:   17168


Re: Email to SMS Gateways and Spam

2006-09-29 Thread robert
I'm using Former ATT Wireless / Cingular Blue. email goes to @mmode.com
gateway. I'm guessing but so far I'm seeing reliable messaging since I stopped
forging From:

Quoting Daryl C. W. O'Shea [EMAIL PROTECTED]:

 [EMAIL PROTECTED] wrote:
  Recently I've discovered that if I attempt to forge the From: header in an
  email message, it ends up being considerably delayed when sent thru my
  provider's Email to SMS Gateway. I strongly suspect they have measures in
  place to identify SPAM that will cause the message to receive a much lower
  priority. Unfortunately, because it's a FIFO queue, all messages sent
  thereafter to my device (be they from another device or whatever) are also
  delayed.
  
  Anybody seen this before?
 
 I'm curious, what provider?
 
 I've currently got a ticket open with Bell Mobility Data Support about 
 text messages taking three days to arrive, if ever, except for the odd 
 one sent from another Bell phone that arrives immediately.
 
 I wonder if I'm seeing that same thing.
 
 
 Daryl
 








Re: Ammount of the RAM used by spamd childs

2006-09-29 Thread Jeff Chan
On Friday, September 29, 2006, 12:32:08 PM, Bowie Bailey wrote:
 Balzi Andrea wrote:

 BLACKLIST_URI

 You should use the ws.surbl.org version of this blacklist instead.

 See here for more info:
 http://wiki.apache.org/spamassassin/SURBL

Though ws.surbl.org is the direct descendant of BLACKLIST_URI, be
sure to use multi.surbl.org instead of ws if you use multiple
(other) SURBL lists.  Basically, use the defaults in SA 3.

Actually since you are using SA 3, then you don't need
BLACKLIST_URI at all, and you don't need to manually configure
SURBL lists.  Just make sure network tests are enabled and
Net::DNS is current on the system, and SURBLs will be used since
they're already in the default configurations.

Jeff C.
-- 
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/



Re: Non-blocklisted embedded URLs are getting hits on URIBL_AB_SURBL and URIBL_PH_SURBL in SpamAssassin 3.1.5

2006-09-29 Thread Chris
On Thursday 28 September 2006 1:17 am, Donald Craig wrote:
 And Theo Van Dinter pointed out:
 You're not by chance using the opendns.{com,org} folks for DNS, are you?

 Of course.  I'm an idiot.  I switched to OpenDNS a couple of weeks back.
 Time to return from whence I came.  Thank you,
 Don Craig
 
 I'm getting matches whenever I have an embedded URL
 on URIBL_AB_SURBL and URIBL_PH_SURBL -
 unless the URL is actually in URIBL_SBL, in which case the
 logic for all the flavors of URIBL_XX_SURBL seems
 to work correctly.  I have verified the
 absence of the incorrectly matching URLs from SURBL
 with lookups in http://www.rulesemporium.com/cgi-bin/uribl.cgi

 This is SpamAssassin 3.1.5, all was fine in 3.1.2.

 For now I have set both those tests to 0.00.

 Don Craig
Yes, OpenDNS definitely caused problems for me also:

Sep  1 21:51:25 localhost spamd[10939]: uridnsbl: bogus rr for 
domain=otwaloow.com, rule=URIBL_XS_SURBL, id=8880 
rr=otwaloow.com.xs.surbl.org. 1 IN A 208.67.219.40 
at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Plugin/URIDNSBL.pm line 
626. 

Theo pointed out the errors of my ways:

 The error is saying that it's looking for a 127/8 result, but it gets
 208.67.219.40 (which resolves to a *.opendns.com name btw).  So I would
 say that yes, the problems are related to changing your nameservers.


-- 
Chris




Re: Non-blocklisted embedded URLs are getting hits on URIBL_AB_SURBL and URIBL_PH_SURBL in SpamAssassin 3.1.5

2006-09-29 Thread David Ulevitch

From: Chris [EMAIL PROTECTED]
To: users@spamassassin.apache.org
Date: Friday, September 29, 2006, 3:59:03 PM
Subject: Non-blocklisted embedded URLs are getting hits on  
URIBL_AB_SURBL and URIBL_PH_SURBL in SpamAssassin 3.1.5


===8==Original message text===
On Thursday 28 September 2006 1:17 am, Donald Craig wrote:

And Theo Van Dinter pointed out:
You're not by chance using the opendns.{com,org} folks for DNS,  
are you?


Of course.  I'm an idiot.  I switched to OpenDNS a couple of weeks  
back.

Time to return from whence I came.  Thank you,


Donald,

We handle DNSBLs but not URIBLs, at the moment.  Passing along to  
Noah to see what he can do.  Sorry you had this happen to your  
SpamAssassin scoring. (Time to check mine... :-) )


You can resolve this behavior by turning off typo correction in your  
preferences page and it'll work again with us returning NXDOMAIN  
(RCODE=3) instead of doing the typo correction service.  Hopefully we  
can get more granular with that in the future.


If you are on a dynamic IP, well, just sit tight for a couple more  
weeks or email me to start beta testing some code this week to handle  
dynamic IPs (and that offer is for anyone).


Thanks,
David Ulevitch (from OpenDNS)



Don Craig

I'm getting matches whenever I have an embedded URL
on URIBL_AB_SURBL and URIBL_PH_SURBL -
unless the URL is actually in URIBL_SBL, in which case the
logic for all the flavors of URIBL_XX_SURBL seems
to work correctly.  I have verified the
absence of the incorrectly matching URLs from SURBL
with lookups in http://www.rulesemporium.com/cgi-bin/uribl.cgi

This is SpamAssassin 3.1.5, all was fine in 3.1.2.

For now I have set both those tests to 0.00.

Don Craig

Yes, OpenDNS definitely caused problems for me also:

Sep  1 21:51:25 localhost spamd[10939]: uridnsbl: bogus rr for
domain=otwaloow.com, rule=URIBL_XS_SURBL, id=8880
rr=otwaloow.com.xs.surbl.org. 1 IN A 208.67.219.40
at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Plugin/URIDNSBL.pm line 626.

Theo pointed out the errors of my ways:


The error is saying that it's looking for a 127/8 result, but it gets
208.67.219.40 (which resolves to a *.opendns.com name btw).  So I  
would

say that yes, the problems are related to changing your nameservers.



--
Chris

===8===End of original message text===
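
The failure mode discussed in this thread, as an added example that is not SpamAssassin's own code: a DNSBL or URIBL client should count only answers inside 127.0.0.0/8 as listings, because a resolver that turns NXDOMAIN into an A record otherwise makes every queried name look listed. The two resolver functions and their canned answers are constructed so the block runs offline; the zone `xs.surbl.org`, the domain and the address 208.67.219.40 are taken from the log line quoted above, and `spam-example.test` is a made-up listed entry.

```python
import ipaddress

LISTING_RANGE = ipaddress.ip_network("127.0.0.0/8")


def ip_query_name(ip, zone):
    """DNSBL query name for an IPv4 address: octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def uri_query_name(domain, zone):
    """URIBL query name: the domain found in the message body, then the zone."""
    return domain.rstrip(".").lower() + "." + zone


def classify(answers):
    """Interpret the A records returned for a blocklist query.

    answers is a list of address strings, or [] for NXDOMAIN.
    Returns ("not_listed", []), ("listed", [codes]) or ("bogus", [addresses]).
    """
    if not answers:
        return ("not_listed", [])
    addrs = [ipaddress.ip_address(a) for a in answers]
    outside = [str(a) for a in addrs if a not in LISTING_RANGE]
    if outside:
        # Same condition the quoted spamd log reports as "bogus rr".
        return ("bogus", outside)
    return ("listed", [str(a) for a in addrs])


def check_domain(domain, zone, resolve):
    """Look a domain up in a URIBL zone through the given resolver callable."""
    return classify(resolve(uri_query_name(domain, zone)))


def resolver_rewrites_nxdomain(resolve, zone):
    """Probe with a name that cannot be listed. Any answer outside 127/8
    means the resolver is substituting its own address for NXDOMAIN."""
    verdict, _ = check_domain("nxdomain-probe.invalid", zone, resolve)
    return verdict == "bogus"


# --- Constructed resolvers standing in for real DNS lookups ---------------
ZONE_DATA = {"spam-example.test.xs.surbl.org": ["127.0.0.2"]}


def honest_resolver(name):
    """Returns the zone's records, or [] (NXDOMAIN) for unlisted names."""
    return ZONE_DATA.get(name, [])


def rewriting_resolver(name):
    """Answers unlisted names with the address seen in the quoted log line."""
    return ZONE_DATA.get(name) or ["208.67.219.40"]


if __name__ == "__main__":
    for label, resolve in (("honest", honest_resolver),
                           ("rewriting", rewriting_resolver)):
        print(label, "rewrites NXDOMAIN:",
              resolver_rewrites_nxdomain(resolve, "xs.surbl.org"))
        for domain in ("otwaloow.com", "spam-example.test"):
            print("  ", domain, check_domain(domain, "xs.surbl.org", resolve))
    # Name that would be queried for the IP in the Comcast bounce thread:
    print(ip_query_name("66.235.211.53", "bl.spamcop.net"))
```

Running the probe once at startup, before trusting any URIBL hit, is enough to catch a nameserver change like the one described in this thread.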





Re: Ammount of the RAM used by spamd childs

2006-09-29 Thread Matt Kettler
Balzi Andrea wrote:
 -Original Message-
 
 [...]
   
 every child it occupies approximately 450MB of RAM.

 My server is a GNU/Linux Debian 3.1r2 with spamassassin v3.1.5 and 
 Perl v5.8.4 Aren't it too many every 450MB for single child?
   
 That is a bit excessive.  My first guess is that you have WAY 
 too many add-on rule sets (or you are using old ones that 
 should not be used).

 Which rule sets are you currently using?

 

   
Ditch BLACKLIST and BLACKLIST_URI.. Those are both NOTORIOUS consumers
of ram. at least 100mb per file.

Also ditch Antidrug. It's only for users of SA 2.6x. SA 3.0 and higher
have these rules built-in so loading antidrug is redundant at best, and
possibly a downgrade.